Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DPB_Point
Contributor
Contributor

Logging policy rules usage

HI,

I am trying to do a report which has the source, destination, service, action and rule ID as fields. I am having problems when I try to find the rule Id as a field because I only have these posibilities:

Anyone know how to add the field of rule ID? What I am doing is a table inside the report. I know that I can do a filter of the logs tab directly exporting it to a CSV and then filtering the data but my goal is to automatize log reporting so that only serves me in a short period of time.

Furthermore, I consider that the field should be named as the field in logs , access rule number.

Thanks for your attention.

6 Replies
Jerry
Mentor
Mentor

I might be mistaken but I haven't seen such option in R80.10 so far. the only way of doing it imho is by using either 3rd party tools like Skybox, Firemon or Tufin, or even Splunk (they may work with new API though) or ask CP R&D if that field is actually "reportable" by SmartReport with a little help of SmartLog Smiley Happy Sorry if I have misleaded you by this but as far as Im aware that field does not exist in a standard reporting capabilities or R80.10. Has R80.20 changed this folks?

Jerry
0 Kudos
Tomer_Sole
Mentor
Mentor

The show-package HTML reporter contains hit count. https://community.checkpoint.com/docs/DOC-1974 

0 Kudos
DPB_Point
Contributor
Contributor

The matter is that I want to schedule reports and send them by email or export them to a excel in a automatic way. So I need to do it by creating a new report. So do you think that there isnt any way for entering the rule ID field into your report table?

0 Kudos
Kfir_Dadosh
Collaborator

Hi,

It is possible to show the rule uid with some simple XML editing.

 - Create a table with all the fields that you want, and another "placeholder" field.

 - Export the report template.

 - Edit the template .cpr file, search and replace "placeholder" field with rule_uid:

<column>

    <fieldName><![CDATA[rule_uid]]></fieldName> 

 - Import the template file from the SmartView catalog.

The reason it is not shown in the picker is due to overlapping with hitcount rule_uid field.

We will work to fix it in some future version.

Tomer_Sole
Mentor
Mentor

daniel prestes Just a question - once you have this report, what answers will you try to get from it? Because we might have other tools that do this thing you are looking for.

0 Kudos
DPB_Point
Contributor
Contributor

Hi tomer,

We want to know to get the logs of a desired rule with the target of viewing if we can granularize more the rules and giving a better service to our customer on the loggings field.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events